According to the report, the large-scale cyber-espionage campaign has been active since 2007 and is still active at the time of writing (January 2013). The main purpose of the campaign is to gather classified information and geopolitical intelligence.

It targets the computers of international diplomatic service agencies and governments. The most affected countries are in Eastern Europe, former USSR members and countries in Central Asia, but also countries in Western Europe and North America.

Kaspersky experts were not able to identify the people or organizations responsible for the project.

Within the last three years, three pieces of espionage malware targeting governments have been discovered. First, “Stuxnet”, which targeted Iran. Then “Flame”, which targeted Middle Eastern countries in general. And “Red October”, which has a massive global reach.

The main activities or tasks of the malware on affected computers and networks, according to the Kaspersky report, are:

Examples of “persistent” tasks

– Once a USB drive is connected, search and extract files by mask/format, including deleted files. Deleted files are restored using a built-in file system parser

– Wait for an iPhone or a Nokia phone to be connected. Once connected, retrieve information about the phone, its phone book, contact list, call history, calendar, SMS messages, browsing history

– Wait for a Windows Mobile phone to be connected. Once connected, infect the phone with a mobile version of the Rocra main component

– Wait for a specially crafted Microsoft Office or PDF document and execute a malicious payload embedded in that document, implementing a one-way covert channel of communication that can be used to restore control of the infected machine

– Record all the keystrokes, make screenshots

– Execute additional encrypted modules according to a pre-defined schedule

Mawuna Koutonin is a world peace activist who relentlessly works to empower people to express their full potential and pursue their dreams, regardless of their background. He is the Editor of SiliconAfrica.com, Founder of Goodbuzz.net, and Social activist for Africa Renaissance. Koutonin’s ultimate dream is to open a world-class human potential development school in Africa in 2017. If you are interested in learning more about this venture or Koutonin’s other projects, you can reach him directly by emailing at mk@linkcrafter.com.